- EAP transactions start off by the RADIUS server sending a Request-Identity message, meaning that the Code is Request and the Type is Identity. - The client then responds with a Response-Identity, with the Data field containing the text username the client has.. - The certificate is then signed cryptographically by a signing authority, a trusted agent who signs certificates as proof of validity.. - 8.2.3.1 Public-Key Cryptography. - We now enter the world of public-key cryptography. - Public-key cryptography is a set of mathematical procedures and theorems that allows one party to send an unauthenticated message that only the other party can read. - The first notion of public key cryptography is that there is not one key, but two keys. - One of the keys is the private, secret key. - The other key, however, is a public key. - Using the public key algorithms, a message encrypted with one key can be decrypted only with the other. - Encrypt with the private key, decrypt with the public, or encrypt with the public key, decrypt with the private.. - From this point, we can now begin to see shadows of the usefulness of public key cryptography appear. - of the mathematics behind the procedure, but once one is chosen as public and one is private, they must each keep to their respective roles forever. - The public key is widely disseminated. - Now, we can take the two keys and derive two different operations, based on applying the same public key encryption functions but using the opposite keys. - Any entity whatsoever can take any arbitrary message and encrypt it using the public key. - But now, once encrypted, it is private, and only the owner of the keys can decrypt the message. - This message has no privacy whatsoever, because everyone has the public key, and anyone with the public key can decrypt this message and read the contents.. - The mathematics of public key cryptography are more advanced than that of the private key cryptography we have seen so far, and drift into the world of computational algebra, a much more involved subject than the algebra people learn in high school.. - The most famous public key cryptography mechanism, and by far the most popular, is Rivest, Shamir, and Adleman (RSA). - Named after the three authors of the work that laid out this mechanism, RSA uses the now well-known fact that the product of two very large prime numbers is computationally difficult to factor back into those prime numbers. - The public exponent e is chosen to be relatively prime to the number (p – 1)(q – 1). - Practically, this number is often fixed to be 65,537, and the selector of p and q ensures that this works. - The public key, then, is simply the number e and the more random number pq. - The operation for encryption is taking an appropriately padded message m and raising it to the power of the public exponent e (mod n). - The decryption step is longer, and raises the encrypted message c to the power of the private exponent d (mod n). - The other algorithm that is used is the Digital Signature Algorithm (DSA), created by the United State government. - The usefulness of public-key cryptography has been baked into the concept of the. - The certificate contains the public key of the party it represents. - Thus, the owner of the certificate has the matching private key, which he keeps safe.. - Subject Public Key Info:. - Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit). - The next line is the serial number for this certificate, and is unique for the authority who signed the certificate. - Following that is the signature algorithm that is used by the signing authority.. - The issuer of the certificate is. - “Thawte Consulting,” one of the main certificate authorities and a part of Verisign. - The next two lines state when the certificate is good. - It is not good past a certain time, to allow for the signing authority to make sure the possessor of the private key is still represented by the certificate.. - The subject line is the name of the organization who owns the certificate. - The CN field at the end is matched directly with the web address to verify that the name of the machine matches.. - The meat of the certificate is in the public key. - The first part is the 1024-bit modulus, which was mentioned in the previous section. - Not surprisingly, the public exponent is 65,537.. - The X.509 v3 extensions provide what rights the certificate owner has with the certificate. - When the other party to the transaction—in this case, a web browser—looks up Google’s services, the server sends this certificate. - The client will then look up the certificate of the authority from a locally stored, always-trusted set of signing authority certificates. - certificate is on every computer, so the client will take the public key from it and use it to undo the encryption on the SHA-1 signature in Google’s certificate, then to compare the SHA-1 hash it calculates with the one in the certificate. - If they match, then the certificate checks out and the server is authenticated.. - This allows for a longer hierarchy, which is useful in enterprises, in which an enterprise will get a signing certificate for itself, validated with one of the well-known root authorities, and then sign the client certificates that way.. - The server will validate the client’s certificate.. - Certificate exchanges are useful for validating that the certificate is valid, but it does not say anything about the holder of the certificate. - TLS is the replacement for SSL, the Secure Socket Layer that is used for HTTPS.. - First, the client connects to the server. - The server provides its identity with a certificate, as well as a nonce. - The client then responds with its certificate—an optional step for some applications, such as HTTPS—and its own nonce.. - The client also picks a special key, called the premaster secret, which is used for any subsequent steps. - This is a random number that is encrypted with the server’s public key and sent, encrypted, to the server, which decrypts and installs it. - From that point, the server and the client have a secure channel with which to finish the operation. - For TLS, this operation is rather straightforward, and the server and the client can derive their master session keys.. - TLS itself uses its record protocol to provide basic messages as a part of the exchange. - One or more of the client TLS records are sent in one or more EAP Request-TLS messages, and the server’s records come in EAP Response-TLS messages. - This communication is layered on top of the protocols from the client to the NAS, and from the NAS, using RADIUS, to the RADIUS server. - The only last detail is the EAP type for TLS, which is 13.. - The example exchange for security in Chapter 5, on Wi-Fi, shows a PEAP-based TLS session, and gives a good idea on how the exchange works when the client does not have a certificate.. - 21 — Alert Sends a warning or error that can abort the TLS operation, if one of the parties does not have the right credentials.. - 0 Hello Request Sent by the server to start the protocol, if the client hasn’t already sent a Client Hello.. - 1 Client Hello Starts the process with a nonce, and provides what cipher suites the client supports.. - 2 Server Hello Responds to the Client Hello with a nonce, the selected cipher suite, and a session ID for resuming TLS later.. - 13 Certificate Request Sent to request a certificate from the client.. - 14 Server Hello Done Marks the end of the Server Hello group of records.. - 15 Certificate Verify Sent by the client to prove that it has the private key to the certificate it offered.. - 16 Client Key Exchange Sends the premaster secret, encrypted to the server using the server’s public key. - Once the TLS session gets to the point where both sides have agreed to a premaster key, then instead of TLS finishing up and establishing a session key, the client and RADIUS server drop into using the encrypted Application Data protocol of TLS to embed a second, inner EAP session. - This nesting of an encrypted EAP session over an unencrypted TLS session allows PEAP to protect any of the EAP methods that needlessly expose information.. - It uses a few more fields between the inner and outer tunnel, and the details are not significant enough to go into here.. - When the user wants to log in, the server asks the user to pull out the cardkey and read the number on the display. - This number, which changes every minute or less, will serve, along with the user’s name and password, that the user is at least in physical possession of the device. - self-destruct electronically—this provides a higher grade of authentication than just a password alone.. - To prevent those messages from being shown in the clear—especially because an attacker who might have electronic access the username, password, and cardkey display could open up all of the network if it acted quickly enough—these exchanges should be tunneled as well.. - EAP-SIM is defined in RFC 4186, and uses multiple invocations of the GSM SIM authentication mechanism to verify that the client is what is claims to be. - The Authentication and Key Agreement (AKA) protocol is used in UMTS networks to provide the mutual authentication between the phone and the network.. - Both of these mechanisms would allow for out-of-the-box authentication of mobile devices.. - Unfortunately, they do require that the RADIUS server have access to the identity. - to refer to the application-level endpoint, in the appropriate architecture, that the traffic is being sent to.. - What it does is provide a format for the encryption or authentication cryptographic algorithm to be applied to the IP packet.. - In this case, IPsec only encrypts or authenticates the payload of the packet, of course binding the header fields to the. - This allows the outer IP packet to be modified without concern to the security properties of the connection.. - The format of the ESP header is shown in Table 8.10.. - The payload is the data that is being encrypted. - In transport mode, the data is the payload of the unencrypted IP packet. - At the start of the payload, the type of encryption negotiated beforehand may require an initialization vector (IV). - This will come before the encrypted payload, and the decryption and encryption algorithms are responsible to know where to look for them. - The Next Header field has the type of the packet that was encrypted. - A dummy packet is inserted by the sender to mask the overall statistical properties of the encrypted flow, if the sender wishes to do that. - Finally, the integrity check value (ICV) is calculated, which covers the entire ESP header, the payload, and the trailer fields. - authentication, but does not protect the contents of the frame from being spied on. - Apart from a bit of rearranging, and the elimination of any potential IV, the fields mean the same as with ESP.. - For both approaches, when integrity is applied to the IP header, some of the fields are allowed to change, and others are not. - Specifically, the only fields that can change in the outer IP header (or only header for transport mode) are the DSCP field, the flags, the fragment offset, the TTL, and the header checksum.. - The size of the window is up to the negotiation between the two
Xem thử không khả dụng, vui lòng xem tại trang nguồn hoặc xem
Tóm tắt